www-legal-discuss mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Craig L Russell <Craig.Russ...@Sun.COM>
Subject Re: Maven repository issues [Was: Creative Commons Attribution License]
Date Thu, 29 May 2008 21:38:48 GMT

On May 29, 2008, at 1:06 AM, Henri Yandell wrote:

> On Thu, May 29, 2008 at 12:58 AM, Stefano Bagnara <apache@bago.org>  
> wrote:
>> Craig L Russell ha scritto:
>>> I don't have any problem with depending on a CC licensed artifact,  
>>> but I'm
>>> troubled by the notion that an artifact would be installed into a  
>>> Maven
>>> repository by "not the author".
>> I had big issues with the fact that pom.xml in maven repository  
>> have no
>> license headers. Our PMC voted down redistributing some of them  
>> because of
>> this.
>> It should be enforced that any uploaded pom.xml include a license  
>> header to
>> specify the license for the pom itself.
>> Unfortunately most pom.xml in the current repository do not have  
>> the license
>> header and we don't even know who hold the copyright for that  
>> files, AFAIK.
> Apart from the description of the project, which is usually copied
> from the project website if it's even there, I wonder how much
> copyright there is in a pom.xml. All of the xml tags and attributes
> are a standard enforced by the Maven tool, so that leaves the data in
> between the xml - namely urls, people's names, project name/versions
> and some small level of configuration (ie: numbers and file paths).
> A different world than even a build.xml where basic building blocks
> are used as a set of instructions.

If a project ProjectA creates a pom for a different project ProjectB  
in order to publish it in a Maven repository, ProjectA can license the  
pom in any way it wants to (presumably the Apache license if one of  
our own projects does it) and the contents of the pom tell the user  
what the license is for the artifact from ProjectB.

Plus, the artifact will often contain LICENSE and NOTICE files. If  
there is a license for the pom itself, it's under the control of  
whoever published the artifact.

This area is one reason I think it's best for the author of an  
artifact to explicitly publish it to a Maven repository, so we don't  
get "dueling publishers" with their own versions of poms etc.

> Hen
> ---------------------------------------------------------------------
> DISCLAIMER: Discussions on this list are informational and educational
> only.  Statements made on this list are not privileged, do not
> constitute legal advice, and do not necessarily reflect the opinions
> and policies of the ASF.  See <http://www.apache.org/licenses/> for
> official ASF policies and documents.
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: legal-discuss-unsubscribe@apache.org
> For additional commands, e-mail: legal-discuss-help@apache.org

Craig Russell
Architect, Sun Java Enterprise System http://java.sun.com/products/jdo
408 276-5638 mailto:Craig.Russell@sun.com
P.S. A good JDO? O, Gasp!

View raw message